Device compliance for Windows 365 Enterprise Cloud PCs

This week is a short follow-up on my posts of the last couple of weeks about getting started with Windows 365 Enterprise. One of the items that was not specifically addressed is device compliance. In general it would be great to address Cloud PCs like any other laptop or desktop within the organization. There are, however, some differences to keep in mind and that might require organizations to use a slightly adjusted configuration for Cloud PCs. One of the main reasons for that could be disk encryption. This post will address how disk encryption is different for Cloud PCs and also how other hardening features are similar for Cloud PCs. Besides that, this post will provide an easy method to work with exceptions for Cloud …

Getting started with Windows 365 Enterprise using a custom image

The last couple of weeks were mainly focused on getting started with Windows 365 Enterprise, and in particular on the networking configurations and join types of Cloud PCs. This week the focus will go to the more advanced imaging options. When looking specifically at Windows 11, the available Gallery image only contains the Microsoft 365 apps for enterprise. In some scenarios that might not be sufficient and some tuning and additional apps are required. In those cases, it’s always possible to rely on a custom image. An image that is based on the same starting point, but tuned to be a better fit for that specific scenario. This post will go through a simple process for creating an image based on an Azure Virtual Machine (VM), …

Getting started with Windows 365 Enterprise using an Azure Network Connection

This week is a follow-up on last week. Last week was about Windows 365 Enterprise in its simplest form, while this week will be about the more advanced networking forms of Windows 365 Enterprise. In other words, the different options of the Azure network connections and what they bring to Cloud PCs. For a quick introduction about Cloud PCs in their simplest form, with a Microsoft hosted network connection, have a look at that previous post. The more advanced networking connections enable organizations to create a connection with an on-premises environment. That on-premises environment can be an environment running in Azure, or an environment running in any datacenter. As long as it’s connected. The idea of this post is to provide the basics around the …

Getting started with Windows 365 Enterprise using a Microsoft Hosted Network

This week is not about something totally new, but it is about something that really deserves a place on this blog. It’s all about Windows 365 Enterprise. More specifically, Windows 365 Enterprise in its simplest form, in a Microsoft Hosted Network. Windows 365 Enterprise is a cloud service provided by Microsoft that will automatically create Windows virtual machines (a.k.a. Cloud PCs) for licensed users. A very straightforward method to provide users with a personal PC from the cloud (a.k.a. Cloud PC). It combines the strengths of different Microsoft products by relying on Microsoft Endpoint Manager for management, by relying on Azure AD for identity and access control and by relying on Azure Virtual Desktop for remote connectivity. The idea of this post is to provide …

Easily managing Universal Print printers on Windows 11 devices

This week is all about Microsoft Universal Print. Not, however, about the concept, the connectors, the printers, or the printer shares. Just about the configuration, via Microsoft Intune, on Windows devices. And in particular, at this moment, Windows 11 devices. Windows 11 devices now contain the UniversalPrint CSP that can be used to easily configure Universal Print printers on Windows devices. That replaces the existing Universal Print printer provisioning tool and provides a direct configuration (and integration) option with Microsoft Intune. Based on the provided configurations it retrieves the required printer information from the Universal Print service and installs the printer on the Windows device. This post will go through the available settings in the UniversalPrint CSP and the configuration via Microsoft Intune. Important: At the moment …

Microsoft MVP 2022-2023!

That feeling never changes and it never gets normal, it’s just awesome! A few hours ago I received that great email that I’m awarded with the 2022-2023 Microsoft MVP Award for my contributions in the Enterprise Mobility technical communities! That’s number 8! With every year I’m still always looking for words to describe that feeling that comes with receiving this award. I’m feeling humbled, I’m feeling proud, I’m feeling excited, but above all I’m feeling honored! Really honored! As with previous years, to me every award is always worth a small post. On one hand because I’m very delighted, very honored, very proud and very excited of receiving my eighth award in a row, but on the other hand even more because I just need …

Getting started with Device Control Printer Protection

This week is a follow-up on an earlier post about controlling devices connected to Windows devices. That post was focussed on device control as a feature of Microsoft Defender for Endpoint, in general. This post will specifically focus on Device Control Printer Protection. Device Control Printer Protection is the printer protection feature that can be used to prevent users from printing via non-corporate network printers or non-approved USB-printers. That adds an additional layer of data protection and security. This post will look in more detail at the printer protection configuration options, at applying printer protection and at the experience with printer protection enabled (the user experience and the administrator experience). Note: The configuration options (protect) are available within a Microsoft 365 E3 license and the …

Using the software updates page in the Microsoft 365 admin center for a high-level overview

This week is all about creating some awareness for a newly introduced page within the Microsoft 365 admin center portal. That new page is the Software updates page and that page provides a high-level overview – in the Windows tab – of the installation status of Windows updates within the organization. It literally provides a high-level overview, as it currently only shows the most important pieces of information. Those pieces of information are the Windows update status information and the End of servicing information. That information provides key insights into the status of devices within the organization. That includes a quick look at the status of the latest security updates on the devices within the organization, to make sure that the devices are protected from …

Getting started with Azure Monitor agent on Windows client devices

This week is about something totally different compared to the last weeks and maybe even months. There have been examples before about gathering additional data of Windows devices and using that information for dashboards and more. Those examples were mainly focused on existing data and custom scripting. This time the focus is on the Azure Monitor agent for Windows client devices. A few months ago Microsoft introduced the Windows client installer that can be used to collect data from desktops, workstations and laptops, in addition to the already existing options for servers and virtual machines. It enables the collection of Event Logs, Performance Counters and more. That could be useful with, for example, the introduction of AppLocker, to gather events about the behavior of apps. …

Addressing the need for multiple Microsoft Tunnel Gateway servers

This week will focus on addressing the need for multiple Microsoft Tunnel Gateway servers. A single server is easy to set up, and easy to discuss and to describe, but that’s just a starting point. Often there is a need for multiple Microsoft Tunnel Gateway servers. That could be for providing high availability, for supporting the right amount of users and even for providing access to resources on different remote locations. So, it can be multiple servers on the same location and multiple servers on different locations. This post will go through the main scenarios for multiple servers and will focus on the main configurations that should be in place to support and configure those scenarios. No detailed configurations this time. Only descriptions of the main …
